“Cyber Wars”, subtitled “Hacks That Shocked the Business World”, is the second book written by Charles Arthur available on Audible in audiobook format. His previous work titled “Digital Wars: Apple, Google, Microsoft, and the Battle for the Internet” appears to have been well received and reviewed; I may have to give that one a listen as well. The audiobook edition of this book is well narrated by Joe Jameson who has over a hundred books currently narrated on Audible at the time of this review. Let me start by saying that I have been in the information security field for over thirty years and I continue to fight the cat and mouse game alongside others when it comes to attackers vs. defenders. Most of the attacks covered in this book were front and center not only in the security community but on the front cover of most newspapers as well. Even if you are not a professional having a deep understanding of computer security, I think you will be fascinated by the research uncovered in this book. It still amazes me when I see just what dedicated and driven people will do when they put their minds to it. The author does a decent job of breaking down some of the technology for novices, but he also does not lose the seasoned professional. It is a fine line to walk, and this book did an exceptional job of permitting both types to enjoy it equally.
Overall the book felt well researched and presented in a clear manner. Each of the various attacks was outlined and then the author provides a deeper dive into what happened. Much of the book's research appears to have come from the author interviewing or conversing with people who were in the know for a given attack; either ex-workers, people in the security field, etc. For me, I was not as much a fan of the lessons learned section at the end of each chapter. However, some reading this book might gain from this information and hopefully think about or improve their security posture because of it. I just felt that security advice is often easier when we look back and analyze what could have been done to prevent an attack. Reviewing an attack and learning from what went wrong is a major way of preventing future attacks from being successful, yet the details the author provided were often high-level and not specific to a given organization.
As much as the author tried to make the book work for security enthusiasts and lay people alike, there were a few places that I felt he could have provided more detail to the less experienced. Maybe more information on what an Advanced Persistent Threat (APT) is and how many have names with specific animals assigned to them (bear, panda, dragon, etc.). A bit more time spent on the benefits of Multi-Factor Authentication (MFA). I felt overall, he did a good job of discussing what a Distributed Denial of Service (DDoS) attack is and why they can be so devastating to a company or person who depends on the Internet for a living. It also seemed that the author breezed over the importance of data brokers when it comes to protecting one’s information; think credit bureaus. More and more we are seeing the release of information from these data collection agencies and often there are no ramifications when it happens; the UK’s GDPR is a positive direction here.
A few other areas where I thought the author did a good job were around the recent rise in tech support and bank phone scams. Ever had the “IRS” call you saying you owe them money and you have to pay them back using Google’s Play cards? He also touched on the critical nature of Internet of Things (IoT) and the usual tradeoffs between security and ease-of-use. Who or what is required to patch a device that is vulnerable to attack, and if such a device is used in an attack who is responsible? All very difficult questions to ask that will become even more important as this area of connectivity grows, and more lives are at risk. There was also a small chapter at the end of the book where the author covers future attacks. Here he not only talks about medical and IoT systems, but the idea of vulnerable machine learning systems. What if someone is able to teach an autonomous vehicle that a stop sign is really a go symbol? Or, what if humans are ignored from the equation and simply seen as just part of the pavement? These and many more attacks mentioned in this portion of the book will become the next TJ Maxx or Sony Entertainment.
The book’s audio narration was good. It is often difficult determining the performance quality based on one’s reading of a non-fiction book. We did not have multiple characters needing to be voiced, it was a simple reading of the book itself. Mr. Jameson did a good job of performing the piece and I do not recall any audio artifacts (page turns, swallows, background noise) while listening. The reading was well paced, and the volume levels were consistent. I do not recall listening to other works by this narrator previously, yet the book felt like it was performed by a professional.
Parents and younger readers: I do not have it in my notes; however, I believe there were a few places where the author quotes others containing vulgar language. Apart from the infrequent use of profanity, the book could be enjoyed by younger audiences who are interested in the cyber security field.
In summary, if you are looking for a book that uncovers many of the security issues that plagued the early days of the internet and had a great impact on the companies affected, you have found it here in Cyber Wars. Even today, as attacks become more sophisticated, the means of defending them will be even more difficult. The book is not a Cyber Wars for Dummies, yet it is approachable and enjoyable by both those in the industry and not. The book gets a recommendation from me.